In this whiteboard presentation, Akamai InfoSec Program Manager James Salerno explains what FedRAMP is, why it was created and why it's become an important part of Akamai's security compliance process.

The following was written by CSIRT Manager Mike Kun:While investigating an attack against an Akamai customer, Akamai's CSIRT discovered a server hosting a web-based attack tool -- a variant of the account checker tool first discovered in 2012.

Microsoft released its security bulletin for December 2014 this week, fixing security holes in Windows, Exchange, Office and Internet Explorer. The full patch matrix is below.More Akamai perspective on patching and vulnerability management:Akamai University: Vulnerability Management vs. Pen TestingTen Years After the Blaster WormBug Bounty Programs: A Turning Point for Microsoft

The following advisory was written by CSIRT Manager Mike Kun:We are aware of a newly-announced vulnerability found by Adam Langley and Brian Smith in some implementations of the TLS 1.x protocol that allows for a man-in-the-middle attack. This can result in insecure compromised transactions over TLS 1.x. For more details, read the original article.

In the latest episode of the Security Kahuna Podcast, Dave Lewis, Martin McKeay and I discuss the security breach at Sony, lawsuits between the banks and Target, and much more. Rather than give the latest victims a lashing over mistakes that allowed the breach to happen, we focus on the lessons learned and how companies can better protect themselves going forward.Listen to the full episode

Microsoft has released a preview of the security bulletin it plans to release Tuesday, Dec. 9, 2014. If the plan holds, the software giant will release seven bulletins -- three of them for critical vulnerabilities in Windows, Office and Internet Explorer. The full preview is below.More Akamai perspective on patching and vulnerability management:Akamai University: Vulnerability Management vs. Pen TestingTen Years After the Blaster WormBug Bounty Programs: A Turning Point for

Because Akamai is trusted by thousands of online retailers, and in fact all of the 20 top global eCommerce sites, we see and analyze enormous amounts of attack data during events such as Black Friday. This year we tracked requests coming into dozens of online retailers over 24 hour periods for each of the 5 Fridays leading up to Black Friday. During that period we analyzed 4.2 billion HTTP

I recently sat down for a discussion with Contrast Security CTO Jeff Williams, host of the Security Influencer Podcast. We covered a lot of ground, including the most recent data breaches making news and the recent uptick in attacks against third-party web services.Access the podcast and interview transcript here

A Bitcoin extortion campaign is underway, launched by a group of bad actors calling themselves DD4BC. The group repeatedly tried to blackmail Bitcoin exchanges and gaming sites -- threatening victims with DDoS attacks in order to extort bitcoins. Akamai's Prolexic Security Engineering and Response Team (PLXsert) reports the following:

We're Social

Akamai secures and delivers digital experiences for the world’s largest companies. Akamai’s intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps, and experiences closer to users than anyone — and attacks and threats far away. Akamai’s portfolio of edge security, web and mobile performance, enterprise access, and video delivery solutions is supported by unmatched customer service, analytics, and 24/7/365 monitoring. To learn why the world’s top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations.